PT-2025-14387 · Ouch · Ouch
Yewan
·
Published
2025-04-01
·
Updated
2025-04-02
·
CVE-2024-13941
CVSS v3.1
5.3
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
ouch-org ouch versions up to 0.3.1
Description
A critical issue has been found, affecting the function
ouch::archive::zip::convert zip date time of the file zip.rs. The manipulation of the argument month leads to memory corruption. The attack must be approached locally.Recommendations
Upgrading to version 0.4.0 is able to address this issue.
It is recommended to upgrade the affected component.
Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ouch